Merge pull request #11 from kubesphere/dev-ll

Add the "-a" parameter to show more information about the best practice
2020-12-28 19:02:21 +08:00 · 2020-12-28 19:02:21 +08:00 · b1dfc53df7
parent a1e30c5f56 c4f491b19f
commit b1dfc53df7
5 changed files with 28 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -96,9 +96,8 @@ kube-system     Warning      coredns                   Deployment   2020-11-27T1
 | :white_check_mark: | PodFileExists                   | Check for existing files|             
 | :white_check_mark: | PodTooManyOpenFiles             | The number of file /socket connections opened by the program exceeds the system set value|
 | :white_check_mark: | PodNoSpaceLeftOnDevice          | Check for disk and inode usage|
-|                    | NodeTokenExpired                | Token certificate expired|
-|                    | NodeApiServerExpired            | kube-apiserver certificate expired|
-|                    | NodeKubeletExpired              | Kubelet certificate expired|
+|                    | NodeTokenExpiredPeriod          | Check Token expiration period is one month|
+|                    | NodeKubeletExpiredPeriod        | Check Kubelet period is one month|
 | :white_check_mark: | PodSetCpuRequestsMissing        | The CPU Resource Request value was not declared|
 | :white_check_mark: | PodSetHostIPCSet                | Set the hostIP|
 | :white_check_mark: | PodSetHostNetworkSet            | Set the hostNetwork|
@ -135,8 +134,7 @@ checks:

 customChecks:
  imageFromUnauthorizedRegistry:
-    successMessage: Image from an authorized registriy.
-    failureMessage: Image from an unauthorized registry. 
+    promptMessage: When the corresponding rule does not match. Show that image from an unauthorized registry.
    category: Images
    target: Container
    schema:
@ -152,7 +150,7 @@ customChecks:
 - Save the above rule as a yaml, for example, `rule.yaml`.
 - Run kubeye with `rule.yaml`
 ```shell
-root:# ke fault -f rule.yaml --kubeconfig ~/.kube/config
+root:# ke diags -f rule.yaml --kubeconfig ~/.kube/config
 NAMESPACE     SEVERITY    NAME                      KIND         TIME                        MESSAGE
 default       Warning     nginx                     Deployment   2020-11-27T17:18:31+08:00   [imageFromUnauthorizedRegistry]
 kube-system   Warning     node-problem-detector     DaemonSet    2020-11-27T17:18:31+08:00   [livenessProbeMissing runAsPrivileged]
--- a/checks/cpuLimitsMissing.yaml
+++ b/checks/cpuLimitsMissing.yaml
@ -1,4 +1,3 @@
-#successMessage: CPU limits are set
 promptMessage: CPU limits should be set
 category: Resources
 target: Container
--- a/cmd/audit.go
+++ b/cmd/audit.go
@ -23,12 +23,13 @@ import (
 )

 var config string
+var allInformation bool

 var auditCmd = &cobra.Command{
 	Use:   "diags",
 	Short: "diagnostic information from the cluster",
 	Run: func(cmd *cobra.Command, args []string) {
-		err := validator.Cluster(config, cmd.Context())
+		err := validator.Cluster(config, cmd.Context(), allInformation)
 		if err != nil {
 			fmt.Println(err)
 		}
@ -39,4 +40,5 @@ func init() {
 	rootCmd.AddCommand(auditCmd)
 	pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
 	auditCmd.Flags().StringVarP(&config, "filename", "f", "", "Customize best practice configuration")
+	auditCmd.Flags().BoolVarP(&allInformation, "all", "a", false, "Show more specific information")
 }
--- a/cmd/root.go
+++ b/cmd/root.go
@ -34,6 +34,3 @@ func Execute() {
 		os.Exit(1)
 	}
 }
-func init() {
-	rootCmd.PersistentFlags().BoolVar(&Verbose, "debug", true, "Print detailed information")
-}
--- a/pkg/validator/audit.go
+++ b/pkg/validator/audit.go
@ -28,7 +28,7 @@ import (
 	"time"
 )

-func Cluster(configuration string, ctx context.Context) error {
+func Cluster(configuration string, ctx context.Context, allInformation bool) error {
 	k, err := kube.CreateResourceProvider(ctx)
 	if err != nil {
 		return errors.Wrap(err, "Failed to get cluster information")
@ -117,13 +117,32 @@ func Cluster(configuration string, ctx context.Context) error {
 	if len(goodPractice) != 0 {
 		fmt.Fprintln(w, "\nNAMESPACE\tSEVERITY\tNAME\tKIND\tTIME\tMESSAGE")
 		for _, goodpractice := range goodPractice {
+			var message []string
+			if allInformation {
+				for _, tmpMessage := range goodpractice.ContainerResults[0].Results {
+					message = append(message, tmpMessage.Message, "")
+				}
+				if len(goodpractice.Results) != 0 {
+					for _, tmpResult := range goodpractice.Results {
+						if tmpResult.Success == false {
+							message = append(message, tmpResult.Message, "")
+						}
+					}
+					message = message[:len(message)-1]
+				} else {
+					message = message[:len(message)-1]
+				}
+
+			} else {
+				message = goodpractice.Message
+			}
 			s := fmt.Sprintf("%s\t%s\t%s\t%s\t%s\t%-8v",
 				goodpractice.Namespace,
 				goodpractice.Severity,
 				goodpractice.Name,
 				goodpractice.Kind,
 				goodpractice.CreatedTime,
-				goodpractice.Message,
+				message,
 			)
 			fmt.Fprintln(w, s)
 			continue